Latest posts for the topic "What is this virus? Please show me how to fix it"

What is this virus? Please show me how to fix it
Re: What is this virus? Please show me how to fix it

http://www.timnhanh.com/netshop/net/hcm/q_tbi/59vanchung

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera
O4 - HKLM\..\Run: [hndclient] C:\PROGRA~1\HANDYC~1\CLIENT\_hndguard.exe -rungrd
O4 - HKLM\..\Run: [FastHelper] "C:\Program Files\FireLion Softwares\FastHelper\FastHelper.exe" /startup
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: censtat.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1EC358-57C5-4803-9AD9-D171E5B1C55D}: NameServer = 210.245.24.20
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ctiserv - Centurion Technologies, Inc. - C:\WINDOWS\CTIServ.exe
O23 - Service: [FireLion] FastHelper Resident Shield (FastHelper) - FireLion Co., Ltd - C:\Program Files\FireLion Softwares\FastHelper\ResidentShield.exe
Re: What is this virus? Please show me how to fix it

phanthanhkhanh wrote:
Here is the HijackThis scan.
O4 - HKLM\..\Run: [hndclient] C:\PROGRA~1\HANDYC~1\CLIENT\_hndguard.exe -rungrd
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe

I have never run into this case before, but in the log you sent I see these 3 files as the most suspicious, especially the file hndguard.exe. Go into the registry, find this path, then delete the file and see what happens. Regards
Re: What is this virus? Please show me how to fix it

http://www.diendantinhoc.com/lofiversion/index.php/t43931.html

My machine was infected too, and I have already cleaned it.
Install Kaspersky and update to the latest virus definitions.
Restart the machine, press F8 > choose Safe mode.
When Windows loads to the welcome screen, press Shift + Alt so that the services and miscellaneous programs are not loaded.
Open Kaspersky and scan for viruses, and it is gone.

Give it a try.
Re: What is this virus? Please show me how to fix it

http://www.regrun.com and BKAV to remove it. As for the process "Wscript.exe", it does belong to the system, but since there are so many of these processes in the log, I think the machine is infected with the "Vbswg.Aq Worm". Please check again! :)

Re: What is this virus? Please show me how to fix it

Hacked By Godzilla - Virus Fixed

Hacked By Godzilla is a new computer virus that widely infects through the use of a Handy Drive or Floppy Disk.

Defected

1. We cannot Double Click to open any Drive on our computer. But we can Right Click to Open or Explore.
2. There is a text “Hacked By Godzilla” on the Title Bar of Internet Explorer.

How to fix Godzilla

1. Double Click on the My Computer icon on the Desktop and select Tools --> Folder Options
2. When Folder Options displays, click the View tab
   a. check Show Hidden files and folders
   b. uncheck Hide extension… and Hide protected operating system file
   c. click OK
3. Press Ctrl+Alt+Delete. The Windows Task Manager will display. Click the Processes tab
   a. Click menu Image Name (to sort Files)
   b. Select wscript.exe (one by one)
   c. Click the End Process button
4. Open the drive (by right click and select Explore. Must not Double Click!) Delete autorun.inf and MS32DLL.dll.vbs (press Shift+Delete) in all drives, including Handy Drive and Floppy disk.
5. Open folder C:\WINDOWS to delete MS32DLL.dll.vbs inside (press Shift+Delete)
6. Go to Start --> Run and enter regedit, click OK. The Registry Edit dialog will display.
7. Select HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run to delete MS32DLL (press the Delete key on the keyboard)
8. Select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main to delete Window Title “Hacked by Godzilla” (press the Delete key on the keyboard)
9. Click Start --> Run and enter gpedit.msc, click OK. The Group Policy dialog will display.
10. Select User Configuration --> Administrative Templates --> System --> Double Click on file Turn Off Autoplay, then Turn Off Autoplay Properties will display
    a. Select Enabled
    b. Select All drives
    c. Click OK
    To prevent auto open when we insert a CD or plug in the Handy Drive, which is the way the virus infects.
11. Click Start --> Run and enter msconfig, click OK. The System Configuration Utility dialog will display
    a. Click the Startup tab
    b. Uncheck MS32DLL
    c. Click Apply
    d. Click OK (or Close)
    When the System Configuration dialog displays, select Exit Without Restart
12. Double Click on the My Computer icon on the Desktop. Then select Tools --> Folder Options
13. On the Folder Options dialog select the View tab
    a. Check Hide extension… and Hide protected operating system file
    b. Click OK
14. Right Click on the Recycle Bin. Then select Empty Recycle Bin to make sure the virus is deleted.

That's all. You'll never see Hacked By Godzilla again. I guarantee it'll work!